Windows Server 2016: Introduce Hyper-V Nested Virtualization

One of the most important new features in Windows Server 2016 TP4 is Nested Virtualization. This feature lets you run a Hyper-V environment inside another Hyper-V virtual machine.

 

At the moment, the first supported role that uses this technology is Hyper-V Containers, which isolates and separates processes between the container host and the containers.

 

From my point of view there’s another potential scenario: creating separate Hyper-V hosts on one single machine. If you are a Service Provider, you could provide an entire Hyper-V host to a specific customer, without giving him the real hardware. Could Microsoft Azure be the first one?

 

Nested Virtualization is present in Windows Server 2016 TP4 but also in Windows 10 (Yes Franky!). Before starting the configuration, remember that:

 

  • A minimum of 4 GB of available RAM is required for the VM
  • Host and VM must run the same build, at least build 10565
  • Intel VT-x is required and there is no support for AMD-V

 

Another critical point is to check whether your host supports nested virtualization; to do this, download and run this script:

 

Invoke-WebRequest https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Get-NestedVirtStatus.ps1 -OutFile C:\Get-NestedStatus.ps1

 

Ready for rock ‘n roll? After creating the VM, run this PowerShell cmdlet on your host to download the enable script:

 

Invoke-WebRequest https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/hyperv-tools/Nested/Enable-NestedVm.ps1 -OutFile C:\Enable-NestedVm.ps1

 

Execute the file with the name of your VM:

 

C:\Enable-NestedVm.ps1 -VmName "MyNestedHost"

 

This script does the following:

 

  • Disables Dynamic Memory on the VM
  • Sets the minimum required 4 GB of static memory on the VM
  • Enables virtualization extensions
  • Enables MAC Address Spoofing

 

Now it’s time to enable the Hyper-V role on your VM with these cmdlets:

 

Add-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature
Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -Online

 

Restart your VM and test the new toy! It works!

 

Figure 1 – Nested Virtualization

 

Keep in mind that there are a couple of limitations/bugs:

 

  • Hosts with Device Guard enabled cannot expose virtualization extensions to guests
  • Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization
  • No Dynamic memory
  • No Runtime memory resize
  • No checkpoints to a running VM
  • No Live migration
  • No Save/restore
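
To confirm what the enable script changed on a VM, and that the host is not blocked by the Device Guard/VBS limitation above, a read-only check can be run on the host. This is an added example, not part of the original post or of Microsoft's scripts; the function name Test-NestedVmConfig is hypothetical, and it assumes the Hyper-V PowerShell module and the Win32_DeviceGuard WMI class are available on the host.

```powershell
# Added example: read-only audit, changes nothing on the host or the VM.
# Assumes the Hyper-V PowerShell module and an elevated session on the host.
function Test-NestedVmConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$VmName   # for example "MyNestedHost", the name used on this page
    )

    $memory   = Get-VMMemory -VMName $VmName -ErrorAction Stop
    $cpu      = Get-VMProcessor -VMName $VmName -ErrorAction Stop
    $adapters = @(Get-VMNetworkAdapter -VMName $VmName -ErrorAction Stop)

    # Adapters that have MAC address spoofing switched on. Listing them makes
    # the relaxed switch-port setting visible for review.
    $spoofing = @($adapters | Where-Object { $_.MacAddressSpoofing -eq 'On' })

    # Host side: VBS / Device Guard prevents exposing VT-x to guests.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running.
    # If the class cannot be queried, the state is unknown and the check fails.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsOff = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 0)

    $checks = [ordered]@{
        DynamicMemoryDisabled  = -not $memory.DynamicMemoryEnabled
        StaticMemoryAtLeast4GB = $memory.Startup -ge 4GB
        VirtExtensionsExposed  = [bool]$cpu.ExposeVirtualizationExtensions
        MacSpoofingEnabled     = $spoofing.Count -gt 0
        HostVbsOff             = $vbsOff
    }

    [pscustomobject]@{
        VmName           = $VmName
        Ready            = -not ($checks.Values -contains $false)
        Checks           = [pscustomobject]$checks
        SpoofingAdapters = $spoofing.Name
    }
}

# Usage on the host, after running Enable-NestedVm.ps1:
Test-NestedVmConfig -VmName 'MyNestedHost' | Format-List
```

Ready is true only when all five checks pass; SpoofingAdapters names the adapters where MAC address spoofing is on, so it can be switched off again on any adapter that does not need it.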

 

Too cool, right? Test Nested Virtualization today! Download Windows Server 2016 TP4

 
